On 2016-02-08 10:50, Alexandre PUJOL wrote:

Currently some coders at IJhack are looking into a different backend (as
opposed to git + local filesystem) that allows for rate-limiting and a
paper trail of who accessed which passwords and when, this would make
pass a viable alternative to enterprises that need stuff like that.

This is very interesting. Do you have more information about that?

I’ve only joined in on some brainstorming, but in short the flow comes down to this.

To “mount” the remote password-store you receive a GPG-encrypted token; once decrypted, that token allows you to list, retrieve, store, etc. Since there is a central storage, it is very easy to have a log and do things like rate-limiting.

The central storage only has the encrypted passwords, .gpg-id information and the GPG pub-keys to encrypt access tokens.
As soon as I know more, I'll keep you updated.

On 08/02/16 10:37, GOYOT Martin wrote:
Yeah, that was exactly my point. I know that LastPass does the same too. You have a utility installed on your computer and the web plugin is just calling it.

Thanks for the information

On Mon, Feb 8, 2016 at 10:34 AM <[email protected]> wrote:

    Hi,

    Most applications like 1Password use a local tool with a helper in the
    browser.
    Pass can do the same on Firefox with the passff plugin
    https://github.com/jvenant/passff

    Having your GPG passphrase exposed to a hostile environment (browser) is
    never a good idea; in principle all (other) browser plugins might be
    able to intercept your key and passphrase.

    Currently some coders at IJhack are looking into a different backend (as
    opposed to git + local filesystem) that allows for rate-limiting and a
    paper trail of who accessed which passwords and when, this would make
    pass a viable alternative to enterprises that need stuff like that.

    I am looking into making a browser plugin for Chrome like passff but
    it's still in extremely early stages.

    Greetings,
        Anne Jan

    On 2016-02-08 10:04, GOYOT Martin wrote:
    > Hello Alexandre,
    >
    > Thanks for the tip, I decided to use the android app.
    >
    > This said, I would love you to explain to me why this would be a bad idea.
    > This could work exactly like what LastPass is doing for instance.
    >
    > Regards,
    > -- Martin
    >
    > On Mon, Feb 8, 2016 at 10:00 AM Alexandre PUJOL <[email protected]> wrote:
    >
    >> Using git, you can use any git server and git web app (like cgit) as a
    >> pass web viewer. Then, the git server will allow you to sync your
    >> passwords between your devices, and thus use the good pass client for
    >> your device (pass, pass-ios, Android-Password-Store...)
    >>
    >> However, the git web app only outputs the tree of the password
    >> directory. The content itself stays encrypted. Do NOT try to create a
    >> tool in order to decrypt and output it in a web browser. As Dashamir
    >> Hoxha said, it would not be a good idea at all.
    >> Because you must NOT:
    >> - Use any server to decrypt your password.
    >> - Use JavaScript to decrypt the password directly in a web browser.
    >>
    >> This is why there is no pass web app: all the pass server you would
    >> ever need already exists; it is a git server.
    >>
    >> Regards,
    >> Alex
    >>
    >> On 07/02/16 20:57, GOYOT Martin wrote:
    >>> Oh I didn't know of keybase. Looks like a really interesting project!
    >>>
    >>> Also I don't know if Kenny Stier had the mailing list in copy when he
    >>> replied to me, but he pointed me to two mobile applications that can
    >>> deal with pass:
    >>>
    >>> https://github.com/zeapo/Android-Password-Store [1]
    >>> https://github.com/davidjb/pass-ios#readme [2]
    >>>
    >>> I decided to give the android app a try, and for my really small test
    >>> until now, looks good!
    >>>
    >>> On Sun, Feb 7, 2016 at 8:24 PM Santiago Borrazás <[email protected]> wrote:
    >>>
    >>> Also, maybe using the Keybase filesystem
    >>> https://keybase.io/introducing-the-keybase-filesystem [3]
    >>>
    >>> On Sun, Feb 7, 2016 at 10:22 AM, Dashamir Hoxha <[email protected]> wrote:
    >>>
    >>> In principle, you can use `git clone` or `rsync` to copy
    >>> ~/.password-store to a portable device (usb, phone, smartphone,
    >>> etc.). You can copy there the corresponding GPG key as well.
    >>> Then, on another computer, you can tell pass to use the data on
    >>> the portable device by setting environment variables like this:
    >>>
    >>> export PASSWORD_STORE_DIR="/dev/sdb1/.password-store"
    >>> export PASSWORD_STORE_GPG_OPTS="--homedir=/dev/sdb1/.gnupg"
    >>>
    >>> Or you can define an alias like this:
    >>>
    >>> alias pass="PASSWORD_STORE_DIR='/dev/sdb1/.password-store' PASSWORD_STORE_GPG_OPTS='--homedir=/dev/sdb1/.gnupg' pass"
    >>>
    >>> I haven't tried this but it should work. Maybe somebody has
    >>> written any blog or tutorial about this, with more detailed
    >>> instructions.
    >>>
    >>> Sorry, I know nothing about any web interface to pass. And I
    >>> don't even think it would be a good idea.
    >>>
    >>> Regards,
    >>> Dashamir
    >>>
    >>> On Sun, Feb 7, 2016 at 6:11 PM, GOYOT Martin <[email protected]> wrote:
    >>>
    >>> Hello there,
    >>>
    >>> This is my first mail here, so if I'm doing anything wrong
    >>> please tell me. I just wanted to know if there was any web
    >>> app or mobile app that was able to deal with the pass
    >>> utility as a backend.
    >>>
    >>> I've been using pass for quite some time now, and I really love
    >>> it. But sometimes I need to access my passwords and sadly
    >>> I'm not on my own computer with pass installed, my gpg key
    >>> and so on. So I was wondering if something like a web or
    >>> mobile interface capable of addressing this problem already
    >>> exists.
    >>>
    >>> Regards,
    >>> -- Martin
    >>>
    >>> _______________________________________________
    >>> Password-Store mailing list
    >>> [email protected]
    <mailto:[email protected]>
    >>> <mailto:[email protected]
    <mailto:[email protected]>>
    >>>
    >> http://lists.zx2c4.com/mailman/listinfo/password-store [4]
    >
    >
    > Links:
    > ------
    > [1] https://github.com/zeapo/Android-Password-Store
    > [2] https://github.com/davidjb/pass-ios#readme
    > [3] https://keybase.io/introducing-the-keybase-filesystem
    > [4] http://lists.zx2c4.com/mailman/listinfo/password-store

_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
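
The backend flow sketched at the top of this thread (a token gates list/retrieve/store against a central store that holds only ciphertext, with a log and rate-limiting), as an added example that is not IJhack's design or code from any poster. The class name, limits and log fields are assumptions; delivering the token GPG-encrypted to the user's public key is not performed here.

```python
import hashlib
import secrets
import time
from collections import defaultdict, deque


class CiphertextStore:
    """Hypothetical central store: holds only .gpg blobs, never plaintext or private keys."""

    def __init__(self, max_requests=3, window=60.0, clock=time.monotonic):
        self.blobs = {}                    # entry name -> GPG ciphertext (opaque bytes)
        self.tokens = {}                   # sha256(token) -> user id
        self.recent = defaultdict(deque)   # user id -> timestamps of accepted requests
        self.audit = []                    # paper trail: (time, user, action, entry, outcome)
        self.max_requests, self.window, self.clock = max_requests, window, clock

    def issue_token(self, user):
        # Assumption: the caller encrypts this token to the user's GPG public key
        # before sending it. The store keeps only a hash of the token.
        token = secrets.token_urlsafe(32)
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def _authorize(self, token, action, entry):
        user = self.tokens.get(hashlib.sha256(token.encode()).hexdigest())
        now = self.clock()
        if user is None:
            self.audit.append((now, None, action, entry, "denied:bad-token"))
            raise PermissionError("unknown token")
        q = self.recent[user]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            self.audit.append((now, user, action, entry, "denied:rate-limit"))
            raise PermissionError("rate limit exceeded")
        q.append(now)
        self.audit.append((now, user, action, entry, "ok"))

    def store(self, token, entry, ciphertext):
        self._authorize(token, "store", entry)
        self.blobs[entry] = ciphertext

    def retrieve(self, token, entry):
        self._authorize(token, "retrieve", entry)
        return self.blobs[entry]           # still encrypted; decryption stays on the client

    def list(self, token):
        self._authorize(token, "list", None)
        return sorted(self.blobs)
```

Denied requests are logged as well as accepted ones, so the trail shows both who read which entry and who was refused.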
